CN106533650A - Cloud-oriented interactive privacy protection method and system - Google Patents

Cloud-oriented interactive privacy protection method and system Download PDF

Info

Publication number
CN106533650A
CN106533650A CN201611027772.XA CN201611027772A CN106533650A CN 106533650 A CN106533650 A CN 106533650A CN 201611027772 A CN201611027772 A CN 201611027772A CN 106533650 A CN106533650 A CN 106533650A
Authority
CN
China
Prior art keywords
data
cloud
data table
privacy protection
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611027772.XA
Other languages
Chinese (zh)
Other versions
CN106533650B (en
Inventor
刘君强
陈芳慧
董燕萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201611027772.XA priority Critical patent/CN106533650B/en
Publication of CN106533650A publication Critical patent/CN106533650A/en
Application granted granted Critical
Publication of CN106533650B publication Critical patent/CN106533650B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud-oriented interactive privacy protection method and system. The privacy protection method is characterized in that a data owner uploads encrypted data and stores the encrypted data on a cloud server for a long time, and data sharing services meeting privacy protection requirements are provided; when a client sends a data request, anonymization processing of the encrypted data is directly carried out on the cloud server, and the data meeting the privacy protection requirements is output; and during the anonymization processing, the cloud server can interact with a proxy server for comparison processing of ciphertext data. The method has the advantages that the data stored in an encrypted manner can serve multiple purposes; and diversified privacy protections can be easily achieved. The privacy protection system has two preconditions: a cloud service provider may be a privacy attacker, but the services must be provided according to a protocol; and the client promises not to forward an obtained data sheet to any unauthorized third party (including the cloud service provider), so that conspiratorial attacks are prevented.

Description

Cloud-oriented interactive privacy protection method and system
Technical Field
The invention relates to the field of privacy protection, in particular to a cloud-oriented interactive privacy protection method and system.
Background
With the advent of the cloud computing era, people increasingly like to utilize the characteristics of convenience and expandability of a cloud platform to store and compute data at the cloud end, and more technologies are supported by the cloud computing related services and platforms. In a cloud computing mode, a data owner uploads a large amount of data to a cloud end through a network for processing, but the cloud end has unreliable factors, and personal privacy information in the data is possibly leaked in the transmission, storage and processing processes. Therefore, the research on privacy protection in the cloud environment has become an important research direction in the field of privacy protection.
The encryption processing of the external packet data by using an encryption method is a convenient method for realizing cloud security storage. However, after the data is encrypted by the common encryption technology, the data is difficult to be researched by using the ciphertext, and the homomorphic encryption technology provides the possibility. In order to provide data sharing service, privacy protection processing is performed before cloud ciphertext data are decrypted, and data processing before decryption can be realized by using a homomorphic encryption technology.
Based on the current situation, the system combines a fully homomorphic encryption technology, a privacy protection technology and a cloud environment, and provides an interactive method and system which are oriented to the cloud, are based on the fully homomorphic encryption technology and are used for realizing safe data storage and protecting the privacy safety of a data processing process. The specific method relates to the following main technologies:
fully homomorphic encryption technology: the concept of homomorphic encryption was proposed as early as 1978 by Rivest et al, but has been stalled since then. There was a rapid development after the first homomorphic encryption scheme constructed by Gentry in 2009. The main contribution of the fully homomorphic encryption is that the possibility that the operation on the encrypted data is equal to the operation on the plaintext under the condition of no decryption is realized, which makes a great contribution to the development of the cryptology.
Privacy protection technology: data anonymization is a main technology for realizing privacy protection, and after certain change is carried out on privacy information of original data, an attacker cannot deduce a specific individual, so that personal privacy is protected.
The data privacy can be protected doubly by combining the fully homomorphic encryption technology and the anonymization technology, the safe storage of the data at the cloud end can be guaranteed, the safety of the cloud end data processing process can also be guaranteed, and finally shared data can also meet the privacy protection requirement.
Disclosure of Invention
The invention aims to provide a cloud-oriented interactive privacy protection method and system, which combine a fully homomorphic encryption technology and a privacy protection technology and apply the combined technology to cloud computing, so that the safety of cloud data storage is ensured, data sharing service is provided, and the cloud can directly perform anonymization processing on encrypted data. By using the system, different privacy parameters or privacy protection requirements can be adopted for anonymization processing, and the encrypted and stored data can be used for various data mining tasks and various data sharing query tasks.
The proposed cloud privacy protection system has two premises: firstly, a cloud service provider may be a privacy attacker, but must provide services according to an agreement; secondly, the client promises not to forward the obtained data table to other persons without authorization including the cloud service provider, so no collusion attack exists.
In order to achieve the above purpose, the present invention designs a cloud-oriented interactive privacy protection method based on the assumption that a cloud service provider is a privacy attacker, and the method is mainly implemented by the following steps:
1) the data owner independently generates a key pair (pk) for each row of data of each attribute in the extended coding data table according to a fully homomorphic key generation algorithmij,skij) I denotes the attribute number, j denotes the data column number, and the public key pk is usedijRespectively carrying out encryption processing to obtain an encrypted data table;
2) the data owner generates a key pair (pk) according to a fully homomorphic key generation algorithmcomp,skcomp) Using the public key pkcompEncrypting all attribute data columns of the extended coding data table to obtain an encrypted data table copy;
3) the data owner encrypts the data table and the copy of the encrypted data table, and the anonymized hierarchical structure file, the encoding rule and the public key pk of each attribute in the data tablecompUploading the data to a cloud server for storage as a data outsourcing form;
4) the client requests for sharing data, the request is sent to the cloud server, the request number uid is recorded by the cloud server, and then the request number uid is forwarded to the proxy server;
5) the method comprises the following steps that the proxy server determines privacy parameters and instructs a cloud server to start executing anonymization processing based on fully homomorphic encryption, and specifically comprises the following substeps:
5.1) the cloud server requests the proxy server to assist in completing ciphertext data comparison operation, and the proxy server uses the private key skcompDecrypting the ciphertext needing to be compared, then performing plaintext comparison, and returning a comparison result to the cloud server;
5.2) the cloud server executes anonymization processing by using outsourcing data stored in the cloud and the assistance of the proxy server, and searches out a data column meeting the privacy protection requirement;
6) the cloud server transmits the information of the sharable data column to the proxy server, and the proxy server generates a temporary key (pk)temp,sktemp) And using the temporary public key pktempPrivate key sk corresponding to encrypted data columni,tGet pski,tAnd t represents the t column of the ith attribute;
7) the proxy server sends the temporary public key pktempAnd pski,tUploading to a cloud server, and using pk for the cloud servertempAnd pski,tRe-encrypting the encrypted data table in step 1) to obtain the public key pktempA lower re-encrypted data table;
8) the client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd after the re-encrypted data table is decrypted and coded and converted, the data table meeting the privacy protection requirement can be obtained.
Further, in the step 1), the extended encoding data table is in a data table form based on the hierarchy structure of the anonymization of each attribute and the encoding rule, and is obtained by performing extension processing and encoding processing on data owned by a data owner. The expansion processing is to insert more fuzzy data representation values into the data table according to the attribute anonymization hierarchical structure; the encoding process is to represent each attribute data in the data table in a unique encoding form. The attribute anonymization hierarchy is defined by an XML configuration file, a single data attribute is defined by an att element, and the att element comprises two attributes: index indicates a data attribute number, and name indicates a data attribute name. The single data attribute tree structure is defined by vgh elements, vgh elements include node elements, original data values or fuzzified data values are defined by the node elements, the innermost node element represents the data form of the data owner, and the data represented by the outer node element is a more fuzzified representation of the inner data. The anonymization hierarchy of each attribute is different and can be set according to the system requirement.
Further, in the step 1) and the step 2), the encrypted data table is used for data distribution; the encrypted data table copy is used for data anonymization processing operation.
Further, in the step 3), the data outsourcing form includes an encrypted data table and an encrypted data table copy, and an attribute anonymization hierarchical structure file, an encoding rule, and a public key pkcompThe data security in the uploading and storing process is guaranteed, and the data security in the cloud server data processing process is also guaranteed.
Further, in the step 5), the privacy protection requirement is to avoid that sensitive information in the shared data is associated with an individual, the privacy parameter is a parameter set to meet the privacy protection requirement, the privacy parameters set by different privacy protection requirements are different, and the privacy protection parameter and the privacy protection requirement are self-settable and are not fixed and unchangeable. The anonymization processing is a technology for hiding or blurring data and data sources. The anonymization processing based on the fully homomorphic encryption is anonymization processing under a ciphertext by using homomorphic addition and multiplication operation.
A cloud-oriented interactive privacy protection system comprises a data owner, a proxy server, a client and a cloud server, wherein the data owner is connected with the proxy server and the cloud server, the proxy server is connected with the cloud server, and the cloud server does not have a hooking action;
the data owner is a party who owns a large amount of data and is used for generating a homomorphic key pair and encrypting the data; sending the encrypted data table and the copy, the anonymization hierarchical structure file of each attribute, the public key and the encoding rule to a cloud server; the private key is sent to the proxy server.
The proxy server is a server trusted by a data owner and is used for determining the requirement of privacy parameters; acquiring a private key from a data owner, generating a temporary homomorphic key pair, and encrypting the private key; information interaction with a cloud server is realized; a temporary key is assigned to the client.
The cloud server is used for safe storage of the encrypted data table and anonymization processing of the ciphertext data; and carrying out information interaction with the proxy server in the anonymization processing process to realize comparison between the ciphertexts.
The client is a party sending a data sharing request, and after the re-encrypted data table, the encoding rule and the temporary private key are obtained, data decryption and sharing are achieved.
The invention has the following advantages: the expansion encoding data table is encrypted by adopting a homomorphic encryption technology and then uploaded to a cloud server, so that the safety of data in the uploading and storing processes is ensured; the data is stored in the cloud server in an encrypted form, and the cloud server can directly perform homomorphic operation on the ciphertext data, so that privacy protection in the data processing process is realized; the encrypted data is stored in a cloud server for a long time, and data sharing service meeting different privacy parameters and privacy protection requirements is provided; the encrypted stored data may have multiple uses, such as for various data mining tasks and various data sharing query tasks.
Drawings
FIG. 1 is a diagram of a cloud-oriented interactive privacy preserving system of the present invention;
FIG. 2 is a basic flow chart of a cloud-oriented interactive privacy protection method;
FIG. 3 is a diagram of an example anonymization hierarchy file for three attributes.
Detailed Description
The invention adopts a BGV homomorphic encryption scheme (Z.Brakerski, C.Gentry, and V.Vaikunttanathan. (leveled) full homomorphic encryption with outbootstrapping. TOCT,6(3):13,2014.Preliminary version in ITCS 2012.) based on RLWE with higher efficiency, and for the convenience of understanding, the principle of homomorphic encryption is introduced firstly.
Firstly, setting parameters. The fully homomorphic encryption scheme employed by the present invention is based on a polynomial ringd is a power of2, λ is a security parameter of a homomorphic encryption scheme, the ciphertext polynomial coefficient takes the μ -bit modulus q, L is the binary arithmetic circuit depth, the other parameters (d ═ d (λ, μ, b), n ═ n (λ, μ, b),χ ═ χ (λ, μ, b)) to ensure 2λThe safety of (2). Setting n to 1 is based on RLWE instantiation. In order to make fully homomorphic encryption suitable for global anonymity algorithm, the plaintext space is set as R2=R/2R。
Second, a key generation algorithm. The key pair is generated as follows: secretceygen (params): selecting s '. o.. Pacer' XnTo obtain a private keyPublic key gen (params, sk): using the private key as input sk ═ s ═ 1, s ═ 0]=1,Also the parameter params ═ (q, d, N, χ). Uniformly generating a matrixOne vector e ← χNAnd a set b ← a's ' +2 e.set a as the (n +1) column matrix containing b, followed by the n column matrix of-a ' (a · s ═ 2 e). The public key pk ═ a.
Loop j ═ L to 0, params runj←GHE.Setup(1λ,1(j+1)·μB) obtaining a hierarchy of decreasing modules from qL((L + 1). mu.bits) to q0(μ bits) cycle j ═ L-1 to 0, parameter paramsjIn djIs replaced by d ═ dLX distribution ofjIs replaced by χ ═ χL
FHE.KeyGen(paramsj) Cycle j ═ L to 0, achieved as follows:
1. operation sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj,sj)。
2. Is provided withs'jIs sjIs given by a factor of RqjS injThe product of two coefficients.
3. Setting s'j←BitDecomp(s'j,qj)。
4. Run τs”j+1→sj←SwitchKeyGen(s”j,sj-1) This step is omitted when j ═ L.
The private key sk contains all sjThe public key pk contains all AjAnd τs”j+1→sj
And thirdly, encryption algorithm. Enc (params, pk, m) at R2Find information m in, run GHE.Enc (A)LM) GHE.Enc (pk, m) for encrypting a message m ∈ R2Is provided withSamplingOutputting the ciphertext
And fourthly, decryption algorithm. Dec (params, sk, c) assume that the ciphertext is at sjUnder, run GHE.Dec(sjAnd c) is adopted. Dec (sk, c) of GHE, outputting decryption information m ← [ [ solution ] ]<c,s>]q]2
And fifthly, homomorphic addition. Add (pk, c) to FHE1,c2) Inputting two identical private keys sjThe encrypted ciphertext. Setting c3←c1+c2mod qj。c3Is exactly at s'jCiphertext (s'jIncludes all sjDue to the parameters ofAnd s'jThe first coefficient of (1)), and output c)4=FHE.Refresh(c3s”j→sj-1,qj,qj-1)。
And sixthly, homomorphic multiplication. Mult (pk, c)1,c2) Inputting two identical private keys sjThe encrypted ciphertext. First, the new ciphertext is the secret keyThe following is a linear equationCoefficient vector c of3Output c4=FHE.Refresh(c3s”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1) Inputting private key s'jCiphertext ofs”j→sj-1To assist in key conversion, the current and next moduli are qjAnd q isj-1The following work is done: first expand c1←Powersof2(c,qj). Then subjected to modulus conversion, c2←Scale(c1,qj,qj-12), corresponding private key s "jSum modulus qj-1. Then the key conversion is carried out and c is output3←SwitchKey(τs”j→sj-1,c2,qj-1) Corresponding to the private key sj-1Sum modulus qj-1
Where c ═ Scale (c, p, q,2) is the modulo transformation algorithm, p, q are two odd modulo, c is an integer vector, c' is an integer vector close to (p/q) · c and satisfies c ═ c mod 2.Decompose x into its bit representation method, output ofSwitchKeyGen(s1,s2,n1,n2Q) inputting two private keysAnd the dimension of the private key, modulus q, private key s2Andrun GHE2N) to obtain the public key a, yielding B ═ a + Powesof 2(s)1Q), and then output the side information τs1→s2The exchange is implemented as B. Wherein,
the following describes the present invention in further detail with reference to fig. 2 and 3.
The extended data table in table 2 is obtained by performing an extension process on data owned by a data owner, and according to the example diagram of the attribute anonymization hierarchical structure file in fig. 3, the data is represented by fuzzy data of multiple hierarchies and is integrated into the same data table, and the number of layers of each attribute is equal to the number of columns of the attribute in the extended data table. The extended data table is a result of encoding the data in the extended data table according to the encoding rule, the extended data table in table 3 is obtained according to binary encoding, and the data encoding expression mode of each attribute is unique.
TABLE 1 extended data Table
Table 2 extended coded data table
① data owner generates several key pairs (pk) using homomorphic key generation algorithm fheij,skij) Respectively encrypting each column of the extended coding data table 2 by using different public keys to obtain an encrypted extended data table e2And (6) RT. The attribute is 3 in total, and the data of the columns 2, 2 and 3 are respectively provided, so seven key pairs are shared, and the key pairs are respectively (pk)11,sk11),(pk12,sk12),(pk21,sk21),(pk22,sk22),(pk31,sk31),(pk32,sk32),(pk33,sk33)。
② data owner generates a key pair (pk) using a homomorphic key generation algorithm fhecomp,skcomp) Using the public key pkcompAll columns of the encryption table 2 are encrypted to obtain a copy e of the encrypted extended data table2RTcomp
③ data owner upload e2RT、e2RTcompEncoding rule, public key pkcompAnd anonymizing hierarchical structure files of all attributes in the data table are sent to the cloud server.
And fourthly, the client requests the cloud server for sharing data.
And fifthly, the cloud server records the request number uid and forwards the request number uid to the proxy server.
⑥ proxy server determines privacy parameters and privacy protection requirements and instructs the cloud server to perform anonymization processing in the embodiment, we set the privacy parameters to 3, and in the data table meeting the privacy protection requirements, each record is required to contain at least 3-1 identical records2RTcompIn the data table, a row of data of each attribute is respectively extracted as a fuzzification processing result to form a new ciphertext data table re2RT。
⑦ the cloud server executes anonymization processing based on homomorphic encryption technology under ciphertext data by using outsourced data stored in the cloud, and requests the proxy server to assist in completing comparison operation between ciphertexts when necessary2And comparing the two specific records in the RT, and counting to obtain a comparison result, wherein if the two specific records are the same ciphertext of 1, the two specific records are different ciphertexts of 0. Add calculates the amount of data belonging to a record using homomorphic addition, but the amount of data is in the form of ciphertext, so a proxy server is required to assist decryption.
⑧ the proxy server gets the private key sk from the data ownercompAnd decrypting the data volume ciphertext, which is transmitted by the cloud server and needs to be compared, of each record, comparing the decrypted ciphertext with the set privacy parameter 3, and then returning comparison result information to the cloud server. If the ciphertext data table re2Each record in RT at least contains 2 same records, which shows the ciphertext data table re2The RT complies with privacy protection requirements.
And ninthly, after the cloud server carries out anonymization processing, returning the data column information meeting the privacy protection requirement to the proxy server. When the 1 st column of the 1 st attribute, the 0 th column of the 2 nd attribute and the 2 nd column of the 3 rd attribute are taken, 2 types of records are totally arranged, namely { Any, Male, Any } { Any, Female, Any }, each type of record has at least 2 pieces of data consistent with the record, namely each type of record at least comprises 3 pieces of data, and then the information of the data columns (1,0,2) is returned to the proxy server.
⑩ proxy Server generates temporary Key Pair (pk)temp,sktemp) Using the temporary public key pktempThe private key sk corresponding to the encrypted data sequence (1,0,2)1,1,sk2,0,sk3,2Get psk1,1,psk2,0,psk3,2
Proxy server uploads temporary public key pktempAnd psk1,1,psk2,0,psk3,2And sending the data to a cloud server.
PSK for cloud server1,1,psk2,0,psk3,2Re-encrypted data Table e2Corresponding column data in RT is converted into temporary public key pktempThe following table of re-encrypted data.
The client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd decrypting and coding and converting the re-encrypted data table to obtain the sharable data table meeting the privacy protection requirement.
In summary, the cloud-oriented interactive privacy protection method and system provided by the invention can realize the safe processing and sharing of data under the condition of participation of multiple parties. And under the condition of not revealing privacy, the proxy server can be used for decrypting the ciphertext data, and the possibility is provided for comparison operation in the anonymization processing process under the ciphertext. And finally, the client side obtains a data ciphertext meeting the privacy protection requirement from the cloud side, obtains a temporary private key for decryption from the proxy server, and obtains a final plaintext result for data sharing through decryption.
For the embodiments disclosed above, to enable those skilled in the art to use the present invention, various modifiable methods can be adopted for the anonymization operation based on homomorphism in the embodiments, which can be realized by the skilled person. Especially the modification of the set privacy parameters and privacy protection requirements will be apparent to the skilled person. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles of the systems disclosed herein.

Claims (6)

1. A cloud-oriented interactive privacy protection method is characterized by comprising the following steps:
1) the data owner independently generates a key pair (pk) for each row of data of each attribute in the extended coding data table according to a fully homomorphic key generation algorithmij,skij) I denotes the attribute number, j denotes the data column number, and the public key pk is usedijRespectively carrying out encryption processing to obtain an encrypted data table;
2) the data owner generates a key pair (pk) according to a fully homomorphic key generation algorithmcomp,skcomp) Using the public key pkcompEncrypting all attribute data columns of the extended coding data table to obtain an encrypted data table copy;
3) the data owner encrypts the data table and the copy of the encrypted data table, and the anonymized hierarchical structure file, the encoding rule and the public key pk of each attribute in the data tablecompUploading the data to a cloud server for storage as a data outsourcing form;
4) the client requests for sharing data, the request is sent to the cloud server, the request number uid is recorded by the cloud server, and then the request number uid is forwarded to the proxy server;
5) the method comprises the following steps that the proxy server determines privacy parameters and instructs a cloud server to start executing anonymization processing based on fully homomorphic encryption, and specifically comprises the following substeps:
5.1) the cloud server requests the proxy server to assist in completing ciphertext data comparison operation, and the proxy server uses the private key skcompDecrypting the ciphertext needing to be compared, then performing plaintext comparison, and returning a comparison result to the cloud server;
5.2) the cloud server executes anonymization processing by using outsourcing data stored in the cloud and the assistance of the proxy server, and searches out a data column meeting the privacy protection requirement;
6) the cloud server transmits the information of the sharable data column to the proxy server, and the proxy server generates a temporary key (pk)temp,sktemp) And using the temporary public key pktempPrivate key sk corresponding to encrypted data columni,tGet pski,tAnd t represents the t column of the ith attribute;
7) the proxy server sends the temporary public key pktempAnd pski,tUploading to a cloud server, and using pk for the cloud servertempAnd pski,tRe-encrypting the encrypted data table in step 1) to obtain the public key pktempA lower re-encrypted data table;
8) the client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd after the re-encrypted data table is decrypted and coded and converted, the data table meeting the privacy protection requirement can be obtained.
2. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 1), the extended coding data table is in a data table form based on attribute anonymization hierarchy and coding rules, and is obtained by performing extension processing and coding processing on data owned by a data owner. The expansion processing is to insert more fuzzy data representation values into the data table according to the attribute anonymization hierarchical structure; the encoding process is to represent each attribute data in the data table in a unique encoding form. The attribute anonymization hierarchy is defined by an XML configuration file, a single data attribute is defined by an att element, and the att element comprises two attributes: index indicates a data attribute number, and name indicates a data attribute name. The single data attribute tree structure is defined by vgh elements, vgh elements include node elements, original data values or fuzzified data values are defined by the node elements, the innermost node element represents the data form of the data owner, and the data represented by the outer node element is a more fuzzified representation of the inner data. The anonymization hierarchy of each attribute is different and can be set according to the system requirement.
3. The cloud-oriented interactive privacy protection method of claim 1, wherein in the steps 1) and 2), the encrypted data table is used for data publishing; the encrypted data table copy is used for data anonymization processing operation.
4. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 3), the outsourcing form includes an encrypted data table and an encrypted data table copy, and an attribute anonymization hierarchy file, an encoding rule, and a public key pkcompThe data security in the uploading and storing process is guaranteed, and the data security in the cloud server data processing process is also guaranteed.
5. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 5), the privacy protection requirement is to prevent sensitive information in the shared data from being associated with an individual, the privacy parameter is a parameter set to meet the privacy protection requirement, the privacy parameters set by different privacy protection requirements are different, and the privacy protection parameter and the privacy protection requirement are set by themselves and are not fixed and unchangeable. The anonymization processing is a technology for hiding or blurring data and data sources. The anonymization processing based on the fully homomorphic encryption is anonymization processing under a ciphertext by using homomorphic addition and multiplication operation.
6. The interactive privacy protection system facing the cloud end is characterized by comprising a data owner, a proxy server, a client and a cloud end server, wherein the data owner is connected with the proxy server and the cloud end server;
the data owner is a party who owns a large amount of data and is used for generating a homomorphic key pair and encrypting the data; sending the encrypted data table and the copy, the anonymization hierarchical structure file of each attribute, the public key and the encoding rule to a cloud server; the private key is sent to the proxy server.
The proxy server is a server trusted by a data owner and is used for determining the requirement of privacy parameters; acquiring a private key from a data owner, generating a temporary homomorphic key pair, and encrypting the private key; information interaction with a cloud server is realized; a temporary key is assigned to the client.
The cloud server is used for safe storage of the encrypted data table and anonymization processing of the ciphertext data; and carrying out information interaction with the proxy server in the anonymization processing process to realize comparison between the ciphertexts.
The client is a party sending a data sharing request, and after the re-encrypted data table, the encoding rule and the temporary private key are obtained, data decryption and sharing are achieved.
CN201611027772.XA 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud Active CN106533650B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611027772.XA CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611027772.XA CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Publications (2)

Publication Number Publication Date
CN106533650A true CN106533650A (en) 2017-03-22
CN106533650B CN106533650B (en) 2019-04-02

Family

ID=58352785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611027772.XA Active CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Country Status (1)

Country Link
CN (1) CN106533650B (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107404538A (en) * 2017-08-18 2017-11-28 金蝶软件(中国)有限公司 A kind of cloud data transmission method and its server
CN108011714A (en) * 2017-11-30 2018-05-08 公安部第三研究所 Guard method and the system of data object main body mark are realized based on cryptography arithmetic
CN109800595A (en) * 2018-12-26 2019-05-24 全球能源互联网研究院有限公司 A kind of electric power data sharing method and system
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system
CN110176983A (en) * 2019-05-22 2019-08-27 西安电子科技大学 Privacy protection association rule mining based on full homomorphic cryptography
CN110190945A (en) * 2019-05-28 2019-08-30 暨南大学 Based on adding close linear regression method for secret protection and system
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN111125734A (en) * 2019-12-20 2020-05-08 深圳前海微众银行股份有限公司 Data processing method and system
CN111143880A (en) * 2019-12-27 2020-05-12 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111159761A (en) * 2019-12-20 2020-05-15 深圳前海微众银行股份有限公司 Model training method and device
CN111460475A (en) * 2020-03-27 2020-07-28 公安部第三研究所 Method for realizing data object subject de-identification processing based on cloud service
WO2020242509A1 (en) 2019-05-31 2020-12-03 Intuit Inc. Privacy preserving server
CN112231736A (en) * 2020-11-04 2021-01-15 广东辰宜信息科技有限公司 Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium
CN112788001A (en) * 2020-12-28 2021-05-11 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112818362A (en) * 2021-01-29 2021-05-18 江苏理工学院 Public key encryption method based on R-LWE
WO2021109756A1 (en) * 2019-12-03 2021-06-10 重庆交通大学 Proxy anonymous communication method based on homomorphic encryption scheme
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
TWI734368B (en) * 2019-06-18 2021-07-21 開曼群島商創新先進技術有限公司 Data homomorphic encryption and decryption method and device for realizing privacy protection
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
US11159305B2 (en) 2019-06-18 2021-10-26 Advanced New Technologies Co., Ltd. Homomorphic data decryption method and apparatus for implementing privacy protection
CN114386072A (en) * 2022-01-13 2022-04-22 中国科学技术大学 Data sharing method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103903325A (en) * 2013-07-08 2014-07-02 苏州大学 Safe electronic voting system based on identity signature
US20150058629A1 (en) * 2013-08-21 2015-02-26 Mark D. Yarvis Processing Data Privately in the Cloud
CN105072157A (en) * 2015-07-15 2015-11-18 柳州首光科技有限公司 Network-based data storage system having privacy protection function

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103903325A (en) * 2013-07-08 2014-07-02 苏州大学 Safe electronic voting system based on identity signature
US20150058629A1 (en) * 2013-08-21 2015-02-26 Mark D. Yarvis Processing Data Privately in the Cloud
CN105072157A (en) * 2015-07-15 2015-11-18 柳州首光科技有限公司 Network-based data storage system having privacy protection function

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107404538A (en) * 2017-08-18 2017-11-28 金蝶软件(中国)有限公司 A kind of cloud data transmission method and its server
CN107404538B (en) * 2017-08-18 2021-01-22 金蝶软件(中国)有限公司 Cloud data transmission method and server thereof
CN108011714A (en) * 2017-11-30 2018-05-08 公安部第三研究所 Guard method and the system of data object main body mark are realized based on cryptography arithmetic
CN108011714B (en) * 2017-11-30 2020-10-02 公安部第三研究所 Method and system for protecting data object body identification based on cryptology operation
CN109800595A (en) * 2018-12-26 2019-05-24 全球能源互联网研究院有限公司 A kind of electric power data sharing method and system
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system
CN110176983A (en) * 2019-05-22 2019-08-27 西安电子科技大学 Privacy protection association rule mining based on full homomorphic cryptography
CN110176983B (en) * 2019-05-22 2021-09-03 西安电子科技大学 Privacy protection association rule mining method based on fully homomorphic encryption
CN110190945A (en) * 2019-05-28 2019-08-30 暨南大学 Based on adding close linear regression method for secret protection and system
CN110190945B (en) * 2019-05-28 2022-07-19 暨南大学 Linear regression privacy protection method and system based on multiple encryptions
WO2020242509A1 (en) 2019-05-31 2020-12-03 Intuit Inc. Privacy preserving server
EP3871127A4 (en) * 2019-05-31 2022-07-27 Intuit Inc. Privacy preserving server
TWI734368B (en) * 2019-06-18 2021-07-21 開曼群島商創新先進技術有限公司 Data homomorphic encryption and decryption method and device for realizing privacy protection
US11159305B2 (en) 2019-06-18 2021-10-26 Advanced New Technologies Co., Ltd. Homomorphic data decryption method and apparatus for implementing privacy protection
CN110365679B (en) * 2019-07-15 2021-10-19 华瑞新智科技(北京)有限公司 Context-aware cloud data privacy protection method based on crowdsourcing evaluation
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
WO2021109756A1 (en) * 2019-12-03 2021-06-10 重庆交通大学 Proxy anonymous communication method based on homomorphic encryption scheme
CN111159761B (en) * 2019-12-20 2022-06-24 深圳前海微众银行股份有限公司 Model training method and device
CN111125734A (en) * 2019-12-20 2020-05-08 深圳前海微众银行股份有限公司 Data processing method and system
CN111125734B (en) * 2019-12-20 2023-03-31 深圳前海微众银行股份有限公司 Data processing method and system
CN111159761A (en) * 2019-12-20 2020-05-15 深圳前海微众银行股份有限公司 Model training method and device
CN111143880A (en) * 2019-12-27 2020-05-12 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111143880B (en) * 2019-12-27 2022-06-07 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111460475B (en) * 2020-03-27 2023-04-25 公安部第三研究所 Method for implementing de-identification processing of data object main body based on cloud service
CN111460475A (en) * 2020-03-27 2020-07-28 公安部第三研究所 Method for realizing data object subject de-identification processing based on cloud service
CN112231736A (en) * 2020-11-04 2021-01-15 广东辰宜信息科技有限公司 Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium
CN112788001B (en) * 2020-12-28 2023-04-07 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112788001A (en) * 2020-12-28 2021-05-11 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112818362A (en) * 2021-01-29 2021-05-18 江苏理工学院 Public key encryption method based on R-LWE
CN112818362B (en) * 2021-01-29 2023-09-22 江苏理工学院 Public key encryption method based on R-LWE
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 Offline fuzzy matching system based on homomorphic encryption
CN113157778B (en) * 2021-06-09 2021-09-24 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN114386072A (en) * 2022-01-13 2022-04-22 中国科学技术大学 Data sharing method, device and system
CN114386072B (en) * 2022-01-13 2024-04-02 中国科学技术大学 Data sharing method, device and system

Also Published As

Publication number Publication date
CN106533650B (en) 2019-04-02

Similar Documents

Publication Publication Date Title
CN106533650B (en) Interactive method for secret protection and system towards cloud
Abd El-Latif et al. Secure data encryption based on quantum walks for 5G Internet of Things scenario
CN106534313B (en) The frequency measuring method and system of facing cloud end data publication protection safety and privacy
Cui et al. Efficient and expressive keyword search over encrypted data in cloud
Liang et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage
CN104168108B (en) It is a kind of to reveal the traceable attribute base mixed encryption method of key
US20180006805A1 (en) Method and system for encrypting data
JP6363032B2 (en) Key change direction control system and key change direction control method
CN107154845B (en) BGN type ciphertext decryption outsourcing scheme based on attributes
CN110635909B (en) Attribute-based collusion attack resistant proxy re-encryption method
CN111586000A (en) Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof
Gupta et al. A fully homomorphic encryption scheme with symmetric keys with application to private data processing in clouds
Liu et al. Ciphertext‐policy attribute‐based encryption with partially hidden access structure and its application to privacy‐preserving electronic medical record system in cloud environment
CN110851845A (en) Light-weight single-user multi-data all-homomorphic data packaging method
Li et al. Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud
CN105978689B (en) Secret key leakage resistant cloud data secure sharing method
CN114175569A (en) System and method for adding and comparing integers encrypted with quasigroup operations in AES counter mode encryption
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
Nalajala et al. Light weight secure data sharing scheme for mobile cloud computing
Almuzaini et al. Key Aggregation Cryptosystem and Double Encryption Method for Cloud‐Based Intelligent Machine Learning Techniques‐Based Health Monitoring Systems
Khuntia et al. New hidden policy CP-ABE for big data access control with privacy-preserving policy in cloud computing
Lv et al. Efficiently attribute-based access control for mobile cloud storage system
Zhou et al. Secure outsourced medical data against unexpected leakage with flexible access control in a cloud storage system
CN115361109B (en) Homomorphic encryption method supporting bidirectional proxy re-encryption
Karvelas et al. Efficient privacy-preserving big data processing through proxy-assisted ORAM

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant